What is Shellshock Bug?
Shellshock is a security vulnerability(CVE-2014-6271) in the widely used Unix Bash Shell which was discovered by Stéphane Chazelas on 12 September 2014 and disclosed on 24 September 2014. Subsequently, various researchers have discovered multiple other vulnerabilities in bash.
What is the Vulnerability?
The Unix Bash Shell stores exported function definitions in environment variables. When a new instance of bash is launched, it reads these specially crafted environment variables, and interprets them as function definitions. Unfortunately, due to insufficient constraints in the determination of acceptable function-like strings in the environment, the parsing of these function definitions from the environment variables had bugs. Because of this bug, vulnerable versions of Bash also interprets arbitrary commands that occur after the termination of the function definition and executes them.
What are attack vectors?
CGI based Web server attack : Web Servers which use CGI to handle requests and if the request handler is a Bash script or if it executes a Bash shell indirectly, the attacker can control the environment variables being passed to the Bash script by crafting a request accordingly and can thus launch the attack. Various Botnets and worms are already using this exploit to compromise vulnerable servers.
SSH server attack: OpenSSH has a “ForceCommand” feature which if enabled, a fixed command is executed when the user logs in before executing the user’s commands. The users command is kept in an environment variable and is executed after the forced command. If the user’s shell is a vulnerable Bash, the attacker can send crafted environment variables and run his commands before the forced command. Typically, this feature is used in restricted shells which can thus be bypassed by exploiting the Shellshock vulnerability.
DHCP Client attack: A DHCP client typically requests and gets an IP address from a DHCP server, but it can also be provided a series of additional options. A malicious DHCP server could provide, in one of these options, a string crafted to execute code on a vulnerable system.
Mitigation of Shellshock
If you are using Bash shell, upgrade it to the latest version which fixes the bugs. There may be more bugs being reported in the future and therefore keep your system updated with the latest patches.
(Read more: Hardware Trojans: Sneak Peek into the Future)